Smart Grid - Privacy Considerations
Overview

There are many significant privacy concerns and issues relating to the Smart Grid. Four dimensions of privacy are impacted by the Smart Grid, including:

1. 'Personal information' — any information relating to an individual, who can be identified, directly or indirectly, by that information and in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural, locational or social identity. Privacy of personal information involves the right to control when, where, how, to whom, and to what extent an individual shares their own personal information, as well as the right to access personal information given to others, to correct it, and to ensure it is safeguarded and disposed of properly. Personal information within the Smart Grid includes, but is not limited to, information that reveals details, either explicitly or implicitly, about a specific individual’s or specific group's type of premises and energy use activities. This is expanded beyond the normal "individual" component because there could be negative privacy impacts for all individuals within one dwelling or building structure. This can include items such as energy use patterns, characteristics related to energy consumption through smart appliances, and other types of activities. The energy use pattern could be considered unique to a household or premises similar to how a fingerprint or DNA is unique to an individual. Personal information also includes energy use patterns that identify specific appliances or devices that may indicate a medical problem of a household member or visitor; the inappropriate use of an employer-issued device to an employee that is a household member or visitor; the use of a forbidden appliance in a rented household.
Smart appliances and devices will create additional information that may reveal a significant amount of additional personal information about an individual, such as what food they eat, how much they exercise and detailed physical information. This would also become a privacy issue in a university, office setting, healthcare facility and so on.

2. 'Personal privacy' — the right to control the integrity of one’s own body. It covers such things as physical requirements, health problems, and required medical devices.

3. 'Behavioral privacy' — the right of individuals to make their own choices about what they do and to keep certain personal behaviors from being shared with others.

4. 'Personal communications privacy' — the right to communicate without undue surveillance, monitoring, or censorship.

Most Smart Grid entities directly address the first dimension, because most data protection laws and regulations cover privacy of personal information. However, the other three dimensions are important privacy considerations as well; thus dimensions 2, 3, and 4 should also be considered in the Smart Grid context because new types of energy use data can be created and communicated. For instance, we can recognize unique electric signatures for consumer electronics and appliances and develop detailed, time-stamped activity reports within personal dwellings. Charging station information can detail whereabouts of an EV. This data did not exist before the application of Smart Grid technologies. (For instance, consider the enhanced ability the Smart Grid will give to determining a person’s behavior within a home through more granular energy usage data.)

When considering how existing laws may deal with privacy issues within the Smart Grid, and likewise the potential influence of other laws that explicitly apply to the Smart Grid, it is important to note that while Smart Grid privacy concerns may not be expressly addressed, existing laws and regulations may still be applicable.
Nevertheless, the innovative technologies of the Smart Grid pose new issues for protecting consumers’ privacy that will have to be tackled by law or by other means. The Smart Grid will greatly expand the amount of data that can be monitored, collected, aggregated, and analyzed. This expanded information, particularly from energy consumers and other individuals, raises added privacy concerns. For example, specific appliances and generators can be identified from the signatures they exhibit in electric information at the meter when collections occur with great frequency as opposed to through traditional monthly meter readings. This more detailed information expands the possibility of intruding on consumers’ and other individuals’ privacy expectations.

General invasion of privacy concerns

Two aspects of the Smart Grid may raise new privacy legal issues.

First, the Smart Grid significantly expands the amount of data available in more granular form as related to the nature and frequency of energy consumption and creation, thereby opening up more opportunities for general invasion of privacy. Suddenly a much more detailed picture can be obtained about activities within a given dwelling, building, or other property, and the time patterns associated with those activities make it possible to detect the presence of specific types of energy consumption or generation equipment. Granular energy data may even indicate the number of individuals in a dwelling unit, which could also reveal when the dwelling is empty or is occupied by more people than usual. The public sharing of information about a specific location’s energy use is also a distinct possibility. This raises the concern that persons other than those living within the dwelling but having access to energy data could likewise automate public sharing of private events without the dwellers’ consent — a general invasion of privacy.
The concern exists that the prevalence of granular energy data could lead to actions on the part of law enforcement — possibly unlawful in themselves — and lead to an invasion of privacy, such as remote surveillance or inference of individual behavior within dwellings, that could be potentially harmful to the dwelling’s residents. Law enforcement agencies have already used monthly electricity consumption data in criminal investigations. For example, in Kyllo v. United States, 533 U.S. 27 (2001), the government relied on monthly electrical utility records to develop its case against a suspected marijuana grower. (Id. at 30. The U.S. Supreme Court opinion in this case focused on government agents’ use of thermal imaging technology. However, the district court decision discusses other facts in the case, including that government agents issued a subpoena to the utility for the suspect’s monthly power usage records. See Kyllo v. United States, 809 F. Supp. 787, 790 (D. Or. 1992), aff’d, 190 F.3d 1041 (9th Cir. 1999), rev’d, 533 U.S. 27 (2001).) Government agents issued a subpoena to the suspect’s utility to obtain energy usage records and then used a utility-prepared “guide for estimating appropriate power usage relative to square footage, type of heating and accessories, and the number of people who occupy the residence” to show that the suspect’s power usage was "excessive" and thus "consistent with" a marijuana-growing operation. (Id.)

As Smart Grid technologies collect more detailed data about households, one concern is that law enforcement officials may become more interested in accessing that data for investigations or to develop cases. For instance, agencies may want to establish or confirm presence at an address at a certain critical time or even establish certain activities within the home — information that may be readily gleaned from Smart Grid data.
However, the Supreme Court in Kyllo clearly reaffirmed the heightened Fourth Amendment privacy interest in the home and noted this interest is not outweighed by technology that allows government agents to “see” into the suspect’s home without actually entering the premises. (Id.) The Court stated,

Second, unlike the traditional energy grid, the Smart Grid may be viewed as carrying private and/or confidential electronic communications between utilities and end-users, possibly between utilities and third parties, and between end-users and third parties. (The term “third party” is one that is not well defined. The SGIP-CSWG privacy subgroup recognizes third party access as a significant issue and plans to address this in more depth in a future version of the chapter.) Current law both protects private electronic communications and permits government access to real-time and stored communications, as well as communications transactional records, using a variety of legal processes (such as the Electronic Communications Privacy Act, 18 U.S.C. § 2510). Moreover, under the Communications Assistance for Law Enforcement Act (CALEA), telecommunications carriers and equipment manufacturers are required to design their systems to enable lawful access to communications. The granular Smart Grid data may also have parallels to call detail records collected by telecommunications providers. It is unclear if laws that regulate government access to communications will also apply to the Smart Grid.

In short, the innovative technologies of the Smart Grid pose new legal issues for privacy of the home, as well as any type of property location that has traditionally received strong Fourth Amendment protection.
As Justice Scalia wrote in Kyllo:

New privacy concerns raised by the Smart Grid

The ability to access, analyze, and respond to much more precise and detailed data from all levels of the power grid is critical to the major benefits of the Smart Grid — and it is also a significant concern from a privacy viewpoint, especially when this data and data extrapolations are associated with individual consumers or locations. Some articles in the public media have raised serious concerns about the type and amount of billing, usage, appliance, and other related information flowing throughout the various components of the Smart Grid. (One example of this is available at Andrew Maykuth, "Utilities' Smart Meters Save Money, but Erode Privacy," Philadelphia Inquirer (Sept. 6, 2009).)

There are also concerns across multiple industries about data aggregation of "anonymized" data. For example, in other situations, associating pieces of anonymized data with other publicly available non-anonymous data sets has been shown by various studies to actually reveal specific individuals. (See, e.g., Bradley Malin, Latanya Sweeney & Elaine Newton, "Trail Re-identification: Learning Who You are From Where You Have Been".) Frequent meter readings may provide a detailed timeline of activities occurring inside a metered location and could also lead to knowledge about specific equipment usage or other internal home/business processes.

Potential Privacy Impacts that Arise from the Collection and Use of Smart Grid Data

Smart meter data raises potential surveillance possibilities posing physical, financial, and reputational risks. Because smart meters collect energy usage data at much shorter time intervals than in the past (in 15-minute or sub-15-minute intervals rather than once a month), the information they collect can reveal much more detailed information about the activities within a dwelling or other premises than was available in the past.
This is because smart meter data provides information about the usage patterns for individual appliances — which in turn can reveal detailed information about activities within a premise through the use of non-intrusive appliance load monitoring (NALM) techniques. (Elias Leake Quinn, "Smart Metering & Privacy: Existing Law and Competing Policies" A-2 (Spring 2009).) The development of NALM involved a real-time monitoring device attached to a meter to log energy consumption. Researchers then worked backward from that information using complex algorithms to reconstruct the presence of appliances. Since smart meters and these NALM devices operate similarly, the same research and techniques can be reused to identify appliances. Using NALM, appliances’ energy usage profiles can be compared to libraries of known patterns and matched to identify individual appliances. (Id. at A-4 n.129 (discussing the maintaining of appliance profile libraries).) For example, research shows that analyzing 15-minute interval aggregate household energy consumption data can by itself pinpoint the use of most major home appliances. (Research suggests this can be done with accuracy rates of over 90%. See Elias Leake Quinn, Privacy and the New Energy Infrastructure 28 (Feb. 15, 2009). See also Steven Drenker & Ab Kader, "Nonintrusive Monitoring of Electric Loads," IEEE Computer Applications in Power at 47, 50 (1999), noting the near perfect identification success rate in larger two-state household appliances such as dryers, refrigerators, air conditioners, water heaters, and well pumps.) NALM techniques have many beneficial uses, including pinpointing loads for purposes of load balancing or increasing energy efficiency.
However, such detailed information about appliance use can also reveal whether a building is occupied or vacant, show residency patterns over time, and reflect intimate details of people’s lives and their habits and preferences inside their homes. (For instance, daily routines such as showers and baths could be identified, as well as whether the customer "prefers microwave dinners to a three-pot meal." Id. Quinn, "Privacy and the New Energy Infrastructure," at 5.) In 1989, George W. Hart, one of the inventors of NALM, explained the surveillance potential of the technique. (George W. Hart, "Residential Energy Monitoring and Computerized Surveillance via Utility Power Flows," IEEE Technology and Society Mag. (June 12, 1989).) As the time intervals between smart meter data collection points decrease, appliance use will be inferable from overall utility usage data and other Smart Grid data with even greater accuracy.

In general, more data, and more detailed data, may be collected, generated, and aggregated through Smart Grid operations than previously collected through monthly meter readings and distribution grid operations. In addition to utilities, new entities may also seek to collect, access, and use smart meter data (e.g., vendors creating applications and services specifically for smart appliances, smart meters, and other building-based solutions). Further, once uniquely identifiable “smart” appliances are in use, they will communicate even more specific information directly to utilities, consumers, and other entities, thus adding to the detailed picture of activity within a premise that NALM can provide. The proliferation of smart appliances, utility devices, and devices from other entities throughout the Smart Grid, on both sides of the meter, means an increase in the number of devices that may generate data.
The privacy risks presented by these smart appliances and devices on the consumer side of the meter are expanded when these appliances and devices transmit data outside of the home area network (HAN) or energy management system (EMS) and do not have documented security requirements, effectively extending the perimeter of the system beyond the walls of the premises. Data may also be collected from plug-in electric vehicles (PEVs). Charging data may be used to track the travel times and locations for the PEV owners.

Privacy impact assessment

The Privacy Sub-Group of the Cyber Security Coordination Task Group (now called the Smart Grid Interoperability Panel–Cyber Security Working Group (SGIP-CSWG)), which is responsible for addressing privacy on the Smart Grid, particularly in the area of consumer-to-utility information exchanges, has issued a high-level privacy impact assessment (PIA). (U.S. Department of Commerce, "NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 1.0 (Draft)" (Sept. 2009); U.S. Department of Commerce, "Draft NISTIR 7628 Smart Grid Cyber Security Strategy and Requirements" 8-14 (Sept. 2009). See also U.K. Department of Energy and Climate Change, "Impact Assessment of Smart/Advanced Meters Roll Out to Small and Medium Businesses" 23-24 (May 2009).) The PIA stated that:
* the privacy implications of the Smart Grid are not fully understood
* there is a lack of formal privacy policies, standards or procedures by entities who are involved in the Smart Grid and collect information
* comprehensive and consistent definitions of personally identifiable information do not generally exist in the utility industry
* distributed energy resources and smart meters will reveal information about residential customers and activities within the house
* roaming Smart Grid devices, such as electric vehicles recharging at a friend's house, could create additional personal information
* smart meters and the Smart Grid network will be able to use personal information in unlimited numbers of ways
* despite the 2000 resolution adopted by the National Association of Regulatory Utility Commissioners urging the adoption of privacy principles, few state level utility commissions have begun to assess privacy and the Smart Grid
* future research is necessary and conducting further PIAs is critical.

Privacy concerns arise when there is a possibility of discovering personally identifiable information (PII) such as the personal habits, behaviors and lifestyles of individuals inside dwellings, and to use this information for secondary purposes, other than for the provision of electricity. Electric utilities and other providers may have access to information about what customers are using, when they are using it, and what devices are involved. An electricity usage profile could become a source of behavioral information on a granular level.

Fair information privacy principles

Fair Information Practice Principles describe the manner in which entities using automated data systems and networks should collect, use, and safeguard personal information to assure their practice is fair and provides adequate information privacy protection.
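
How the reporting interval limits what matching against an appliance signature library (the NALM idea discussed earlier) can recover, as an added example that is not part of the original article or of any cited source. The load trace, signature wattages, tolerance and the simple level-matching heuristic are all constructed assumptions and are far simpler than real NALM; the point is to compare candidate disclosure granularities before interval data is shared.

```python
# Added illustration: every wattage, the schedule and the tolerance are constructed.
SIGNATURES = {"refrigerator": 150, "microwave": 1100, "dryer": 3000}  # watts above baseline
TOLERANCE_W = 40   # assumed matching tolerance
BASELINE_W = 200   # constructed always-on load


def build_trace(minutes=240):
    """Constructed 1-minute average power readings (watts) for one premises."""
    trace = [BASELINE_W] * minutes
    # (appliance, start minute, duration in minutes) -- constructed, non-overlapping
    schedule = [("refrigerator", 10, 20), ("microwave", 47, 3),
                ("refrigerator", 70, 20), ("dryer", 100, 45),
                ("microwave", 185, 4)]
    for name, start, duration in schedule:
        for t in range(start, start + duration):
            trace[t] += SIGNATURES[name]
    return trace


def resample(trace, interval):
    """Average 1-minute readings into blocks of `interval` minutes,
    i.e. what a meter reporting at that interval would disclose."""
    return [sum(trace[i:i + interval]) / interval
            for i in range(0, len(trace), interval)]


def classify(level_w):
    """Return the library appliance whose draw matches this level, if any."""
    for name, watts in SIGNATURES.items():
        if abs(level_w - watts) <= TOLERANCE_W:
            return name
    return None


def find_episodes(series, interval):
    """Group consecutive readings that match one signature into usage episodes.

    Returns (start_minute, appliance, duration_minutes) tuples. The always-on
    load is estimated as the series minimum, as an outside observer would.
    """
    baseline = min(series)
    episodes, current, start = [], None, 0
    for i, value in enumerate(series + [baseline]):  # sentinel closes the last episode
        name = classify(value - baseline)
        if name != current:
            if current is not None:
                episodes.append((start * interval, current, (i - start) * interval))
            current, start = name, i
    return episodes


def exposure_report(trace, intervals=(1, 15, 60)):
    """Episodes recoverable at each candidate reporting interval (minutes)."""
    return {iv: find_episodes(resample(trace, iv), iv) for iv in intervals}


if __name__ == "__main__":
    for interval, episodes in exposure_report(build_trace()).items():
        names = sorted({name for _, name, _ in episodes})
        print(f"{interval:>2}-minute readings: {len(episodes)} episodes, appliances {names}")
```

On this constructed trace, 1-minute readings recover every use with its start time and duration, 15-minute readings still expose the long-running refrigerator and dryer cycles but not the short microwave uses, and hourly averages match nothing in the library.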
Notice and purpose for use of PII

The new smart meters and accompanying potential and actual uses create the need for utilities to be more transparent and clearly provide notice documenting the types of data collected, and the purposes for collecting the data. Within the Smart Grid implementation a clearly-specified notice must describe the purpose for the collection, use, retention, and sharing of PII. Data subjects should be told this information at or before the time of collection.

Choice and consent to use PII

New smart meters create the need for utilities to give residents a choice about the types of data collected. Utilities should obtain consent from residents for using the collected data for other purposes, and as a requirement before data can be shared with other entities.

Collection of PII

In the current operation of the electric grid, data taken from meters consists of basic data usage readings required to create bills. Under a smart grid implementation, meters will collect other types of data. Some of this additional data may be PII. Frequent meter readings may provide not only a detailed time-line of activities occurring inside a metered location, they could also lead to knowledge being gained about specific equipment usage or other internal business processes. The proliferation of smart appliances and utility devices throughout the grid, on both sides of the meter, means an increase in the number of devices that may generate data. The privacy risks presented by these smart appliances and devices on the customer side of the meter are expanded when these appliances and devices transmit data outside of the Home Automation Network (HAN) or building management system and do not have documented security requirements, effectively extending the perimeter of the system beyond the walls of the premises. Data may also be collected from electric vehicles and plug-in hybrid electric vehicles (EVs/PHEVs).
Charging data may be used to track the travel times and locations for the EV/PHEV owners. Because of the associated privacy risks, only the minimum amount of data necessary for the utility companies to use for energy management and billing should be collected. However, the amount of information collected may vary, depending on whether or not power generation occurs on the premises. Home generation services will likely increase the amount of information created and shared.

Use and retention of PII

In the current operation of the electric grid, data taken from meters is used to create residents’ bills, determine energy use trends, and allow customers to control their energy usage both on-site and remotely. The new smart meters, and the Smart Grid network, will have the capability to use the collected data in an unlimited number of ways. Information should only be used or disclosed for the purpose for which it was collected, and should be divulged only to those parties authorized to receive it. PII should be aggregated or anonymized wherever possible to limit the potential for computer matching of records. PII should only be kept as long as is necessary to fulfill the purposes for which it was collected.

Individual access

In the current operation of the electric grid, data taken from the meters is obtainable by consumers from their own homes. The data collected in a Smart Grid implementation may be stored in multiple locations. Currently, there is no standardized process to allow residents to access their own corresponding PII that may be stored throughout the Smart Grid. Currently, customers are able to access their account information through their monthly bill, utility websites, and annual terms and conditions statements. The utilities that comprise the Smart Grid should establish and provide to all customers a process to allow them to inspect their corresponding PII, and to request the correction of inaccuracies.
Customers should also be informed about parties with whom PII has been shared.

Disclosure and limiting use of PII

Significant privacy concerns and risks exist when PII is inappropriately shared without the knowledge and consent of the individuals to whom the PII applies. Data collected through smart meters should be used solely for the specific purposes for which it was collected. If utilities wish to use the data for other purposes, or share the data with other entities, they should notify consumers, clearly communicate their plans, and obtain consent to use and share the data as described.

Security and safeguards

The data collected from smart meters may potentially be transmitted to and stored in multiple locations throughout the Smart Grid. Establishing strong security safeguards will be necessary to protect the PII from loss, theft, unauthorized access, disclosure, copying, use, or modification.

Accuracy and quality of PII

The data collected from smart meters and related equipment will potentially be stored in multiple locations throughout the Smart Grid. Meter data may be automatically collected in a variety of ways. The ability to inappropriately modify data could be significant in utilities where access controls are not appropriately set. Accordingly, establishing strong security safeguards will be necessary to protect the information. Since meter data may be stored in many locations, and therefore, accessed by many different individuals and entities and used for a very wide variety of purposes, PII data may be inappropriately modified. Automated Smart Grid decisions made for home energy use could be detrimental for residents (e.g., restricted power, thermostats turned to dangerous levels), while decisions about Smart Grid power use and activities could be based upon inaccurate information.
Every effort must be made to ensure that PII collected throughout the Smart Grid, and at all locations where it is stored, is accurate, complete and relevant for the purposes identified, and remains accurate throughout the life of the PII.

References

Sources

* Smart Grid Data: Must There Be Conflict Between Energy Management and Consumer Privacy?
* Smart Meter Data: Privacy and Cybersecurity